Friday, May 09, 2008

Cisco announces a Web Application Firewall

Cisco has jumped into the WAF game with their recently announced Cisco ACE Web Application Firewall. A full proxy device with HTTP(s) and XML policy enforcement, web-based/shell management interfaces, solid performance metrics, and support for both black and white list rules. Apparently Cisco sees a sizable market for WAFs and PCI 6.6 as a driver by reading their overviewliterature (video). So now most big players have a stake in webappsec. This should make things interesting. With Cisco’s brand reputation and reach, people might be willing to get over their initial trust issues with WAFs and do quite well. Should customers demand, perhaps another device we can integrate Sentinel with for virtual patching purposes. The interest has been quite impressive.

Cisco acquired a company called Reactivity last year in March. Along with the acquisition came a full XML message router and firewall (ACE XML Gateway) and a team of top notch engineers. That team built the WAF on top of the existing platform.

Q. What are the hardware features of the ACE Web Application Firewall?A. Cisco ACE Web Application Firewall is available in both FIPS and Non-FIPS versions. The Non-FIPS version has a Cavium CN1120-NHB crypto card, versus the FIPS version which has an nCipher 4000 crypto card. The Non-FIPS version has higher SSL throughput (14K TPS vs. 4K TPS) and is priced lower ($70K vs. $75K).

About Me

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!